webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-15 21:43:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
67231124987d0f9d9a8d5995928bbdc78a35e039
bpfire/lfs/linux
Vincent Li 6723112498 lunatik: missing module BTF kfuncs not regstered 
error when run lunatik which loads lunatik kernel modules

root@bpfire-2 lua]# lunatik run examples/filter/sni false

[root@bpfire-2 lua]# dmesg

[  330.411665] lunatik: loading out-of-tree module taints kernel.
[  330.411680] lunatik: module verification failed: signature and/or required key missing - tainting kernel
[  330.433955] Kernel module BTF mismatch detected, BTF debug info may be unavailable for some modules
[  330.767701] missing module BTF, cannot register kfuncs

BPFire chroot build mount /sys/kernel/btf/vmlinux which is
the host binary vmlinux BTF to build against lunatik kernel module,
which result in above error. adjust BPFire kernel build to save
the binary vmlinux BTF to chroot
/lib/modules/6.6.15-ipfire/build/vmlinux for lunatik kernel module.

create the vmlinux.h from the same binary vmlinux BTF for the ebpf https.o

lunatik kernel module is depending on kernel build, adjust the lunatik
build accordingly when kerne upgrade in future.

See https://github.com/vincentmli/BPFire/issues/40
see https://github.com/luainkernel/lunatik/issues/189

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2024-09-17 17:22:22 +00:00

273 lines
11 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2024 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 6.6.15
THISAPP = linux-$(VER)
DL_FILE = linux-$(VER).tar.xz
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
CFLAGS =
CXXFLAGS =
HEADERS_ARCH = $(BUILD_PLATFORM)
KERNEL_ARCH = $(BUILD_ARCH)
KERNEL_TARGET = bzImage
ifeq "$(BUILD_ARCH)" "aarch64"
HEADERS_ARCH = arm64
KERNEL_ARCH = arm64
KERNEL_TARGET = Image
endif
ifeq "$(BUILD_ARCH)" "riscv64"
KERNEL_ARCH = riscv
KERNEL_TARGET = Image.gz
endif
VERSUFIX=ipfire$(KCFG)
ifeq "$(TOOLCHAIN)" "1"
TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)-tools
HEADERS_PREFIX = $(TOOLS_DIR)
EXTRAMAKE = CROSS_COMPILE=$(CROSSTARGET)-
else
TARGET = $(DIR_INFO)/linux-$(VER)-$(VERSUFIX)
HEADERS_PREFIX = /usr
endif
ifeq "$(KCFG)" ""
LASTKERNEL=1
endif
###############################################################################
# Top-level Rules
###############################################################################
objects = \
$(DL_FILE)
$(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = a630bc7b2463bdc312f8936210a54e92bbe4136fc78995c18d0ccafbcdb27cce5b7b0d4a6ba10c378e14e86855ee7e76e355acc0580f7441e4df64e7dbd8a4b7
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
b2 : $(subst %,%_BLAKE2,$(objects))
dist:
@$(PAK)
###############################################################################
# Downloading, checking, b2sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_BLAKE2,$(objects)) :
@$(B2SUM)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
ln -svf linux-$(VER) $(DIR_SRC)/linux
# Layer7-patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.6-layer7.patch
# DVB Patches
cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/v4l-dvb_fix_tua6034_pll.patch
# Wlan Patches
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14_ath_user_regd.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.9.8-iwlwifi-noibss_only_on_radar_chan.patch
# Fix igb and e1000e crash
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-4.14.1-igb-e1000e_fix_lock_at_update_stats.patch
# Fix uevent PHYSDEVDRIVER
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-2.6.32.27_mcs7830-fix-driver-name.patch
# fix Boot with enabled usercopy hardening
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.9-crypto_testmgr_allocate_buffers_with____GFP_COMP.patch
# Patch performance monitoring restrictions to allow further hardening
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch
# https://bugzilla.ipfire.org/show_bug.cgi?id=12760
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch
# Fix external module compile
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-6.0-fix_external_module_build.patch
ifeq "$(BUILD_ARCH)" "aarch64"
# Apply Arm kernel patches.
cd $(DIR_APP) && cat patch $(DIR_SRC)/src/patches/linux/aarch64/* | patch -Np1
endif
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-3.14.79-amba-fix.patch
ifeq "$(KCFG)" "-headers"
# Install the header files
cd $(DIR_APP) && make ARCH=$(HEADERS_ARCH) $(EXTRAMAKE) headers
-mkdir -pv $(BUILDROOT)/$(HEADERS_PREFIX)/include
cd $(DIR_APP) && find usr/include -name '.*' -delete
cd $(DIR_APP) && rm usr/include/Makefile
cd $(DIR_APP) && cp -rv usr/include/* $(BUILDROOT)/$(HEADERS_PREFIX)/include
else
# Install ipfire logo
cd $(DIR_APP) && cp -vf $(DIR_SRC)/config/kernel/ipfire_logo.ppm \
drivers/video/logo/logo_linux_clut224.ppm
# Cleanup kernel source
cp $(DIR_SRC)/config/kernel/kernel.config.$(BUILD_ARCH)-$(VERSUFIX) $(DIR_APP)/.config
cp $(DIR_SRC)/config/kernel/kernel.config.bpf $(DIR_APP)/bpf-config
cd $(DIR_APP) && make oldconfig
cd $(DIR_APP) && ./scripts/kconfig/merge_config.sh .config bpf-config
cd $(DIR_APP) && make clean
cd $(DIR_APP) && sed -i -e 's/EXTRAVERSION\ =.*/EXTRAVERSION\ =\ -$(VERSUFIX)/' Makefile
# Copy Module signing key configuration
cp -f $(DIR_SRC)/config/kernel/x509.genkey $(DIR_APP)/certs/x509.genkey
# Remove modules folder if exists
rm -rf /lib/modules/$(VER)-$(VERSUFIX)
# Build the kernel
cd $(DIR_APP) && make $(MAKETUNING) $(KERNEL_TARGET) modules
# Build bpftool
cd $(DIR_APP)/tools/bpf/bpftool && sed -i -e 's/^prefix ?= \/usr\/local/prefix ?= \/usr/' Makefile
cd $(DIR_APP)/tools/bpf/bpftool && make $(MAKETUNING)
# Install the kernel
cd $(DIR_APP) && cp -v arch/$(KERNEL_ARCH)/boot/$(KERNEL_TARGET) /boot/vmlinuz-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v System.map /boot/System.map-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && cp -v .config /boot/config-$(VER)-$(VERSUFIX)
cd $(DIR_APP) && INSTALL_MOD_STRIP=1 make $(MAKETUNING) modules_install
# Install bpftool
cd $(DIR_APP)/tools/bpf/bpftool && make install
ifneq "$(BUILD_PLATFORM)" "x86"
cd $(DIR_APP) && make $(MAKETUNING) dtbs
mkdir -p /boot/dtb-$(VER)-$(VERSUFIX)
cd $(DIR_APP)/arch/$(KERNEL_ARCH)/boot/dts && for f in $$(find -name "*.dtb"); do \
cp -v --parents $$f /boot/dtb-$(VER)-$(VERSUFIX)/ ; \
chmod 644 /boot/dtb-$(VER)-$(VERSUFIX)/$$f ; \
done
endif
# Recreate source and build links
rm -rf /lib/modules/$(VER)-$(VERSUFIX)/{build,source}
mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/build
ln -sf build /lib/modules/$(VER)-$(VERSUFIX)/source
# Create dirs for extra modules
mkdir -p /lib/modules/$(VER)-$(VERSUFIX)/extra
cd $(DIR_APP) && cp --parents $$(find -type f -name "Makefile*" -o -name "Kconfig*") \
/lib/modules/$(VER)-$(VERSUFIX)/build
cd $(DIR_APP) && cp Module.symvers System.map /lib/modules/$(VER)-$(VERSUFIX)/build
rm -rf /lib/modules/$(VER)-$(VERSUFIX)/build/{Documentation,scripts,include}
cd $(DIR_APP) && cp .config /lib/modules/$(VER)-$(VERSUFIX)/build
cd $(DIR_APP) && cp -a scripts /lib/modules/$(VER)-$(VERSUFIX)/build
find /lib/modules/$(VER)-$(VERSUFIX)/build/scripts -name "*.o" -exec rm -vf {} \;
cd $(DIR_APP) && cp -a --parents arch/$(HEADERS_ARCH)/include /lib/modules/$(VER)-$(VERSUFIX)/build
cd $(DIR_APP) && cp -a include /lib/modules/$(VER)-$(VERSUFIX)/build/include
# Copy module signing key for off tree modules
cd $(DIR_APP) && cp -f certs/signing_key.* /lib/modules/$(VER)-$(VERSUFIX)/build/certs/
# Install objtool
cd $(DIR_APP) && cp -a tools/objtool/objtool \
/lib/modules/$(VER)-$(VERSUFIX)/build/tools/objtool/ || :
cd $(DIR_APP) && cp -a --parents tools/build/{Build,Build.include,fixdep.c} \
tools/scripts/utilities.mak /lib/modules/$(VER)-$(VERSUFIX)/build
# Make sure we can build external modules
touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/Makefile \
/lib/modules/$(VER)-$(VERSUFIX)/build/include/generated/uapi/linux/version.h
touch -r /lib/modules/$(VER)-$(VERSUFIX)/build/.config \
/lib/modules/$(VER)-$(VERSUFIX)/build/autoconf.h
cp /lib/modules/$(VER)-$(VERSUFIX)/build/.config \
/lib/modules/$(VER)-$(VERSUFIX)/build/include/config/auto.conf
# lunatik: copy resolve_btfids to /lib/modules/$(VER)-$(VERSUFIX)/build/tools/bpf/resolve_btfids/
# cop.btf.vmlinux.bin.o to vmlinux for lunatik kernel modules build
cp -f $(DIR_APP)/tools/bpf/resolve_btfids/resolve_btfids /lib/modules/$(VER)-$(VERSUFIX)/build/tools/bpf/resolve_btfids/
cp -f $(DIR_APP)/.btf.vmlinux.bin.o /lib/modules/$(VER)-$(VERSUFIX)/build/vmlinux
# Fix permissions
find /lib/modules/$(VER)-$(VERSUFIX) -name "modules.order" \
-exec chmod 644 {} \;
find /lib/modules/$(VER)-$(VERSUFIX) -name ".*.cmd" -exec rm -f {} \;
ifeq "$(LASTKERNEL)" "1"
# Only do this once
cd $(DIR_APP) && install -m 755 usr/gen_init_cpio /sbin/
# disable drm by install drm to /bin/false because i915 ignore blacklisting
echo install drm /bin/false > /etc/modprobe.d/framebuffer.conf
# Blacklist old framebuffer modules
for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/video/fbdev/ -name *.ko.xz); do \
echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \
done
# Blacklist new drm framebuffer modules
for f in $$(find /lib/modules/$(VER)-$(VERSUFIX)/kernel/drivers/gpu/drm -name *.ko.xz); do \
echo "blacklist $$(basename $$f)" >> /etc/modprobe.d/framebuffer.conf ; \
done
sed -i -e "s|.ko.xz||g" /etc/modprobe.d/framebuffer.conf
# Disable ipv6 at runtime
echo "options ipv6 disable_ipv6=1" > /etc/modprobe.d/ipv6.conf
endif
endif
#force new build of external modules and initrd if the kernel was rebuild
-rm -f /usr/src/log/*-kmod-$(VER)-$(VERSUFIX)
-rm -f /usr/src/log/linux-initrd-$(VER)-$(VERSUFIX)
@rm -rf $(DIR_APP) $(DIR_SRC)/linux
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink